• DocumentCode
    2757156
  • Title

    HoneyGen: An automated honeytokens generator

  • Author

    Bercovitch, Maya ; Renford, Meir ; Hasson, Lior ; Shabtai, Asaf ; Rokach, Lior ; Elovici, Yuval

  • Author_Institution
    Dept. of Inf. Syst. Eng. &, Ben-Gurion Univ. of the Negev, Beer-Sheva, Israel
  • fYear
    2011
  • fDate
    10-12 July 2011
  • Firstpage
    131
  • Lastpage
    136
  • Abstract
    Honeytokens are artificial digital data items planted deliberately into a genuine system resource in order to detect unauthorized attempts to use information. The honeytokens are characterized by properties which make them appear as genuine data items. Honeytokens are also accessible to potential attackers who intend to violate an organization´s security in an attempt to mine information in a malicious manner. One of the main challenges in generating honeytokens is creating data items that appear as real and that are difficult to distinguish from real tokens. In this paper we present “HoneyGen” - a novel method for generating honeytokens automatically. HoneyGen creates honeytokens that are similar to the real data by extrapolating the characteristics and properties of real data items. The honeytoken generation process consists of three main phases: rule mining in which various types of rules that characterize the real data are extracted from the production database; honeytoken generation in which an artificial relational database is generated based on the extracted rules; and the likelihood rating in which a score is calculated for each honeytoken based on its similarity to the real data. A Turing-like test was performed in order to evaluate the ability of the method to generate honeytokens that cannot be detected by humans as honeytokens. The results indicate that participants were unable to distinguish honeytokens having a high likelihood score from real tokens.
  • Keywords
    data mining; relational databases; security of data; HoneyGen; artificial digital data; artificial relational database; automated honeytokens generator; genuine system resource; organization security; rule extraction; rule mining; turing-like test; unauthorized attempt detection; Automation; Databases; Monitoring; Postal services; Production; database generation; honeypot; honeytoken; intrusion detection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Intelligence and Security Informatics (ISI), 2011 IEEE International Conference on
  • Conference_Location
    Beijing
  • Print_ISBN
    978-1-4577-0082-8
  • Type

    conf

  • DOI
    10.1109/ISI.2011.5984063
  • Filename
    5984063